[FIX] website_mail: sanitize email templates when displaying templates selection

In cases the templates is not html syntax valid
2014-09-29 14:57:36 +02:00 · 2014-09-29 14:57:36 +02:00 · 03af44babe
parent c85547477c
commit 03af44babe
2 changed files with 3 additions and 1 deletions
--- a/addons/website_mail/controllers/email_designer.py
+++ b/addons/website_mail/controllers/email_designer.py
@ -4,6 +4,7 @@ from urllib import urlencode

 from openerp.addons.web import http
 from openerp.addons.web.http import request
+from openerp.tools.mail import html_sanitize


 class WebsiteEmailDesigner(http.Controller):
@ -64,6 +65,7 @@ class WebsiteEmailDesigner(http.Controller):
            tids = tmpl_obj.search(cr, uid, [], context=context)
        templates = tmpl_obj.browse(cr, uid, tids, context=context)
        values['templates'] = templates
+        values['html_sanitize'] = html_sanitize

        return request.website.render("website_mail.email_designer", values)

--- a/addons/website_mail/views/website_email_designer.xml
+++ b/addons/website_mail/views/website_email_designer.xml
@ -24,7 +24,7 @@
                    </div>
                    <div t-foreach="templates" t-as="template" class="col-md-3 col-sm-4 text-center">
                        <div class="email_preview_border">
-                            <div t-field="template.body_html" class="email_preview js_content"/>
+                            <div t-field="html_sanitize(template.body_html)" class="email_preview js_content"/>
                        </div>
                        <h4 t-field="template.name"/>
                        <button class="btn btn-primary js_template_set">Select</button>